vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.8 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=235)
-   -   Miscellaneous Hacks - Live Topic (https://vborg.vbsupport.ru/showthread.php?t=201228)

inciarco 02-11-2009 04:35 AM

Quote:

Originally Posted by buro9 (Post 1740124)
I have a couple of questions.

One relates to the packed/minified javascript. I want to remove the notice that tells people it's a live topic... or re-format it... it's ugly.

So I'm guessing it's written by the javascript, so I would like to see the unpacked JavaScript to adjust it. OR have the additional notice templated in the vBulletin template system.

Next up is security. I got a few errors through:
PHP Code:

Database error in vBulletin 3.8.1:

Invalid SQL:

SELECT COUNT(*) AS count
FROM vb_post AS post
WHERE (threadid = 14030
       AND visible = 1
       AND dateline 1234287978.:
       AND userid != 217)
   OR (threadid = 14030
       AND visible = 1
       AND lastedit 1234286762);

MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':
       AND userid != 217)
   OR (threadid = 14030
       AND visible = 1
' at line 6

Now where did that come from?

Checking the PHP source it seems that you just take the POST'd value and put it straight into the MySQL script. Is that correct? If so... BIG ++++ING SECURITY HOLE. Because you've just allowed SQL injection.

Could you confirm whether you really are taking $_POST['value'] and using it directly in the SQL, because you REALLY REALLY need to change that before something very bad happens.

What About This, Coders Shack? :confused::confused::confused:

Could This Cause Security Problems in Boards and Allow SQL Injection as Mentioned in this Post? :confused::confused::confused:

It Is Important to Know the Answer to This!!

:)

jambo_1969 02-11-2009 06:00 AM

Quote:

Originally Posted by inciarco (Post 1740462)
What About This, Coders Shack? :confused::confused::confused:

Could This Cause Security Problems in Boards and Allow SQL Injection as Mentioned in this Post? :confused::confused::confused:

It Is Important to Know the Answer to This!!

:)

Tried to uninstall - the product will NOT uninstall.

This all needs to be looked at now.

nso 02-11-2009 06:53 AM

Quote:

Originally Posted by inciarco (Post 1740462)
What About This, Coders Shack? :confused::confused::confused:

Could This Cause Security Problems in Boards and Allow SQL Injection as Mentioned in this Post? :confused::confused::confused:

It Is Important to Know the Answer to This!!

:)

It won't. The strings are escaped, and an attacker won't be able to perform SQL injections.
The error is that the . and : are appended, but they are not harmful characters.
It could probably be solved by adding int() around the post variable, or by using the built-in GPC(?) method in vBB.

ThorstenA 02-11-2009 10:36 AM

Very great product! I was talking about this for years, but did not know how to do that.

Suggestion: Make image/misc icons optional. It's obvious that new posts within last hour are somewhat "live topics".

inciarco 02-11-2009 01:01 PM

Quote:

Originally Posted by nso (Post 1740530)
It won't. The strings are escaped, and an attacker won't be able to perform SQL injections.
The error is that the . and : are appended, but they are not harmful characters.
It could probably be solved by adding int() around the post variable, or by using the built-in GPC(?) method in vBB.

I Appreciate Your Answer nso. :up:

Could Coders Shack Please Confirm This Answer Provided by nso? :confused::confused::confused:

I've Disabled the Product since some days ago Until Coders Shack Answers that Matter of SQL Injections. :(

My Best Regards.

:)

DobieGillis? 02-11-2009 01:32 PM

all I know is this is one of the best hacks I have ever seen and should win MOTM!

ThorstenA 02-11-2009 01:40 PM

Quote:

Originally Posted by buro9 (Post 1740124)
One relates to the packed/minified javascript. I want to remove the notice that tells people it's a live topic... or re-format it... it's ugly.

You can just copy forum/clear.gif to forum/images/misc/forumlive.gif

That way there's no image displayed.

Coders Shack 02-11-2009 03:02 PM

Quote:

Originally Posted by buro9 (Post 1740124)
I have a couple of questions.

One relates to the packed/minified javascript. I want to remove the notice that tells people it's a live topic... or re-format it... it's ugly.

So I'm guessing it's written by the javascript, so I would like to see the unpacked JavaScript to adjust it. OR have the additional notice templated in the vBulletin template system.

Next up is security. I got a few errors through:
PHP Code:

Database error in vBulletin 3.8.1:

Invalid SQL:

SELECT COUNT(*) AS count
FROM vb_post AS post
WHERE (threadid = 14030
       AND visible = 1
       AND dateline 1234287978.:
       AND userid != 217)
   OR (threadid = 14030
       AND visible = 1
       AND lastedit 1234286762);

MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':
       AND userid != 217)
   OR (threadid = 14030
       AND visible = 1
' at line 6

Now where did that come from?

Checking the PHP source it seems that you just take the POST'd value and put it straight into the MySQL script. Is that correct? If so... BIG ++++ING SECURITY HOLE. Because you've just allowed SQL injection.

Could you confirm whether you really are taking $_POST['value'] and using it directly in the SQL, because you REALLY REALLY need to change that before something very bad happens.

1.06b will be using GPC.

Also, if you want to change the text for the notice, it's a phrase: just go to the phrase manager and search by name "livetopic". I will also be managing all the styling by CSS in 1.06b so you can make it look however you want it to.
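The three ways of handling the POSTed value that this thread talks about, side by side: the raw interpolation buro9 suspects, the integer cast nso suggests, and the vBulletin GPC cleaner that Coders Shack says 1.06b will use. This is an added example, not the Live Topic product's own code (its source is not quoted in the thread). The parameter name `threadid`, the function names, the `$lastvisit`/`$userid` arguments and the `dateline >` comparison are my assumptions; `clean_gpc()`, `TYPE_UINT`, `$vbulletin->GPC`, `query_first()` and `TABLE_PREFIX` are the vBulletin 3.x names as I know them. One point to keep next to nso's reply: string escaping only protects a value that sits inside quotes in the SQL, so a number spliced in bare still has to be cast or validated.

```php
<?php
// Added example, not the Live Topic product's code. Assumed names: the POST
// parameter "threadid", TABLE_PREFIX/$vbulletin/$db as vBulletin 3.8 globals,
// and the vB 3.x input cleaner ($vbulletin->input->clean_gpc, TYPE_UINT,
// $vbulletin->GPC), which is what "GPC" in the thread refers to.

/**
 * Build the count query. $threadid_sql is spliced into the SQL text verbatim,
 * so the caller decides what may reach MySQL. The dateline comparison operator
 * is an assumption; the quoted error does not show it.
 */
function build_count_query($threadid_sql, $lastvisit, $userid)
{
    return "SELECT COUNT(*) AS count
            FROM " . TABLE_PREFIX . "post AS post
            WHERE threadid = " . $threadid_sql . "
              AND visible = 1
              AND dateline > " . intval($lastvisit) . "
              AND userid != " . intval($userid);
}

// Weak form: the raw POST string becomes part of the statement. No quotes
// surround it, so escape_string() would not help here either; whatever the
// client sends is parsed as SQL. A value with stray characters produces exactly
// the kind of "syntax error near ..." shown in the quoted post.
function count_new_posts_unsafe($db, $lastvisit, $userid)
{
    $raw = isset($_POST['threadid']) ? $_POST['threadid'] : '';
    $row = $db->query_first(build_count_query($raw, $lastvisit, $userid));
    return intval($row['count']);
}

// Hardened form A (nso's suggestion): cast to int in plain PHP. intval()
// yields 0 for anything non-numeric, so only an integer literal can reach the
// query, and an invalid id returns before any query runs.
function count_new_posts_intval($db, $lastvisit, $userid)
{
    $threadid = isset($_POST['threadid']) ? intval($_POST['threadid']) : 0;
    if ($threadid <= 0) {
        return 0;
    }
    $row = $db->query_first(build_count_query($threadid, $lastvisit, $userid));
    return intval($row['count']);
}

// Hardened form B (what Coders Shack says 1.06b will do): vBulletin's GPC
// cleaner. clean_gpc('p', ...) reads $_POST['threadid'], coerces it to an
// unsigned integer (TYPE_UINT) and stores the result in $vbulletin->GPC.
function count_new_posts_gpc($vbulletin, $lastvisit, $userid)
{
    $vbulletin->input->clean_gpc('p', 'threadid', TYPE_UINT);
    $threadid = $vbulletin->GPC['threadid'];
    if ($threadid <= 0) {
        return 0;
    }
    $row = $vbulletin->db->query_first(
        build_count_query($threadid, $lastvisit, $userid)
    );
    return intval($row['count']);
}
```

Feeding a value such as `12abc` to the three functions shows the difference: the first sends that literal text to MySQL, the other two send `12`; a value with no leading digits becomes `0` and the query is skipped altogether.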

auto 02-12-2009 02:57 AM

Quote:

Originally Posted by auto (Post 1739679)
How can I troubleshoot this hack?

I have installed it on vB3.8.0 at http://www.automotiveforums.com/vbulletin/ but the AJAX does not seem to do anything. The LiveTopic image does show up and then disappears after the specified time of inactivity.

Just an update on my problem - it was mod_security. If you have mod_security, it screws with vB's ajax in default settings and needs to be modified to allow vB's files.

GrendelKhan{TSU 02-12-2009 04:48 AM

Quote:

Originally Posted by auto (Post 1741429)
Just an update on my problem - it was mod_security. If you have mod_security, it screws with vB's ajax in default settings and needs to be modified to allow vB's files.

Where / what is mod_security?

I seem to have the same problem... installed, no errors...
but can't actually get it to do anything when I tested. :confused: (same icon appears... but no updates even testing with 2, 3, 4 ppl)



Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
